International Standards Organization (ISO) Compliance

The ISO 27000 series of standards are a catalog of international standards focused on information security and published by the International Standard for Organization. The most prominent from the series are ISO 27001, a management standard that can be audited, and ISO 27002, which prescribes best practices and controls - but is not a certification standard.

Overview:

ISO 27001

ISO 27001 was recently updated after being first released in 2005, is a specification for an information security management system (ISMS). The standard lays out mandatory requirements that are able to be audited and certified. It contains a cycle of four phases that must continually be implemented.

ISO 27002

ISO 27002 is not a formal specification and is not certifiable. Instead, it supports ISO 27001 by recommending detailed guidance for addressing information security objectives related to data confidentiality, integrity and availability, and deploying an ISMS. ISO 27002 also recently was updated and contains 114 controls listed under the following main sections:

Structure

Securiy Policy

Organization of Information Security

Human Resources Security

Asset Management

Cryptography

Physical And Environmental Security

Operations security

Communications Security

Information Systems Acquisition, Development, Maintenance

Supplier Relationships

Information Security Incident management

Information Security Aspects of Business Continuity

Compliance

Access Control

Solutions:

Trustwave provides a comprehensive portfolio that can help organizations of any size respond to the ISO 27000 series of standards.

Plan and Prepare

Conducting a Risk Assessment is the first step to identifying and implementing safeguards necessary to meet compliance. Trustwave helps you find gaps that may exist between your current security posture and ISO guidance. The customizable assessments, scaled individually for your organization, include identification of key assets and IT systems, assessment of controls and frameworks and a review of third-party providers and incident response programs.

Address Gaps and Vulnerabilities

Trustwave products and services help organizations respond to the controls listed in the ISO standards and implement best practice suggestions Here’s how we can help:

SIEM
Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.

Network Access Control
Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.

Data Loss Prevention
Allows you to discover and classify sensitive data and prevent it from leaving the network.

Security Awareness Education
Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.

Incident Readiness and Response
Prepares your staff to proactively identify the indications of a breach and contain it quickly and efficiently.

Compliance
Identifies areas of risk and establishes the business and technical requirements needed for an effective information security program.

Automate and Manage Compliance

TrustKeeper Compliance Manager helps you to centrally automate and manage controls, policies and procedures across multiple compliance frameworks. Compliance Manager is delivered through our cloud-based management portal TrustKeeper, which provides a real-time view into the status of your compliance and security programs and offers access to all of your managed services. Through one easy-to-use dashboard, you can submit support requests, see event history, run reports and manage your account at any time.